– dynamic: evaluation, behaviours, ... This is not only a concern for theoreticians: it is the very basis for compilers, programming environments, testing tools, etc...
in emitter || Fwd_channel || Bwd_channel || receiver
Mastère RSD - TC4 oct-nov 2006 34
Example: Alternated Bit Protocol (3)
Channels that lose and duplicate messages (in0 and in1) but preserve their order?
• Exercise:
1) Draw an LTS describing the lossy channel behaviour
2) Write the same description in CCS
Program of the course: 1: Semantic Formalisms
• Semantics and formal methods:
– motivations, definitions, examples
• Operational semantics, behaviour models: represent the complete behaviour of the system
– CCS, Labelled Transition Systems
– Equivalences
Behavioural Equivalences
• Intuition:
– Same possible sequences of observable actions
– Finite / infinite sequences
– Various refinements of the concept of observation
• Definition: Trace Equivalence
For an LTS $(S, s_0, L, T)$, its Trace language $T$ is the set of finite sequences $\{\, t = (t_1, \dots, t_n) \text{ such that } \exists\, (s_0, \dots, s_n) \in S^{n+1} \text{ and } (s_{n-1}, t_n, s_n) \in T \,\}$
Two LTSs are Trace equivalent iff their Trace languages are equal.
Corresponding Ordering: Trace inclusion
Trace Languages, Examples
1. Those 2 systems are trace equivalent:
[Figure: two LTSs with transitions labelled a, b, c, related by ≡]
T = {(), (a), (a,b), (a,c)}
2. A trace language can be an infinite set:
[Figure: LTS with transitions labelled a and b]
T = {(), (a), (a,a), (a,…,a), …, (a,b), (a,a,b), (a,a,…,a,b), …}
Bisimulation
• Behavioural Equivalence
– non distinguishable states by observation: two states are equivalent if for all possible transitions labelled by the same action, there exist equivalent resulting states.
• Bisimulations
$R \subseteq S \times S$ is a bisimulation iff
– It is an equivalence relation
– $\forall (p,q) \in R,\ (p,l,p') \in T \Rightarrow \exists q' \,/\, (q,l,q') \in T \text{ and } (p',q') \in R$
• ~ is the coarsest bisimulation
2 LTS are bisimilar iff their initial states are in ~
quotients = canonical normal forms
[Figure: bisimulation diagram; labels: ~, act]
Bisimulation (3)
• More precise than trace equivalence:
• Preserves deadlock properties.
No state in B is equivalent to A1
[Figure: LTS A (states A0, A1, A2, A3) and LTS B (states B0, B1, B2, B3, B4); transition labels !a, ?b, ?c]
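The gap between the two equivalences defined above (trace equivalence and bisimulation), worked on the A/B pair of this slide. This is an added example, not part of the original course material: the edges of A and B are an assumption reconstructed from the figure's state names and labels, and all function names are illustrative.

```python
# Added example: trace equivalence vs strong bisimulation on two small LTSs.
# A and B are constructed: state names and labels come from the slide's figure,
# the edges are an assumption. An LTS is a set of (source, label, target).
A = {("A0", "!a", "A1"), ("A1", "?b", "A2"), ("A1", "?c", "A3")}
B = {("B0", "!a", "B1"), ("B0", "!a", "B2"),
     ("B1", "?b", "B3"), ("B2", "?c", "B4")}

def states(trans):
    return {s for (p, _, q) in trans for s in (p, q)}

def traces(trans, s0, depth):
    """Trace language from s0, truncated to sequences of length <= depth."""
    result, frontier = {()}, {((), s0)}
    for _ in range(depth):
        frontier = {(t + (l,), q) for (t, s) in frontier
                    for (p, l, q) in trans if p == s}
        result |= {t for (t, _) in frontier}
    return result

def bisimilarity(trans):
    """Coarsest strong bisimulation ~ by partition refinement.
    Returns {state: block id}; p ~ q iff both map to the same id."""
    block = {s: 0 for s in states(trans)}
    while True:
        # A state's signature: its current block plus the (label, block)
        # pairs of everything it can reach in one step.
        sig = {s: (block[s], frozenset((l, block[q]) for (p, l, q) in trans
                                       if p == s)) for s in block}
        ids = {v: i for i, v in enumerate(set(sig.values()))}
        new = {s: ids[sig[s]] for s in block}
        if len(ids) == len(set(block.values())):
            return new  # no block was split: the partition is stable
        block = new

def bisimilar(t1, s1, t2, s2):
    """Bisimilar iff the initial states are in ~ (state names must be disjoint)."""
    block = bisimilarity(t1 | t2)
    return block[s1] == block[s2]

if __name__ == "__main__":
    print(traces(A, "A0", 3) == traces(B, "B0", 3))   # same trace language
    print(bisimilar(A, "A0", B, "B0"))                # but not bisimilar
    blk = bisimilarity(A | B)
    print([s for s in states(B) if blk[s] == blk["A1"]])
```

With these edges, B can reach B1 after !a, where ?c is refused, while A1 still offers both ?b and ?c; that is the deadlock difference that trace equivalence does not see.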
Bisimulation (4)
• Congruence laws:
P1~P2 => a:P1 ~ a:P2 (∀ P1, P2, a)
P1~P2, Q1~Q2 => P1+Q1 ~ P2+Q2
P1~P2, Q1~Q2 => P1||Q1 ~ P2||Q2
Etc…
• ~ is a congruence for all CCS operators:
for any CCS context C[.], C[P] ~ C[Q] <=> P~Q
Basis for compositional proof methods
Observational Equivalences
• Weak bisimulation
– Abstraction: hidden actions
– allows for arbitrarily many internal actions
• Branching bisimulation
– … only staying in equivalent states
[Figure: transition diagrams; labels: *, act, a]
Still existence of a canonical minimal automaton
Computation is polynomial
Exercise 2: Bisimulations
Are those LTSs equivalent by:
- Strong bisimulation?
- Weak bisimulation?
In each case, give a proof.
[Figure: two LTSs with transitions labelled !out0 and ?in0]
Exercise 3: Bisimulation
• Exercise:
1) Compute the strong minimal automaton for A1.
2) Compute the weak minimal automaton for A1.
[Figure: LTS A1 with transitions labelled !out0 and ?in0]
Exercise 4: Synchronized Product
Compute the synchronized product of the LTS representing the ABP emitter with the (forward) Channel:
local {in0, in1} in (Emitter || Channel)
[Figure: two LTSs, one with states 0, 1, 2, 3 and one with states 0, 1, 2; transition labels ?imss, ?ack0, ?ack1, !in0, !in1, ?in0, ?in1, !out0, !out1]
Automata with data
from state<i> provided guard_cond(vars) then execute body goto state<j>
• We need to add:
– if_then_else: tree of successor states
– guards and conditions on external signals
– local variables (scoping)
Graphical specification languages: SDL, Statecharts, etc.
[Figure: example transition labelled "[x<3] ?n. y=x+n"; state variables x and x,y]
The Dream
Provide Analysis and Verification Tools to the (non-specialist) programmer
– Specification Language (textual or graphical)
– Code analysis tools
– Automatic Model-Checking
Tool Set (future…)
[Diagram; box labels: Architecture: ADL code; Behaviour Spec; Java / ProActive code; Data Types (simple); Abstraction/Compilation; Semantical Model; Model-Checker and Verification Tools; Result Interpretation]
Tool Set (future…)
[Diagram; box labels: Architecture: ADL code; Behaviour Spec; Java / ProActive code; Data Types (simple); Method Call Graph; Network of Parameterized LTSs; Network of finite LTSs; Model-Checker and Verification Tools; Result Interpretation. Step labels: Abstraction/Compilation; Compilation; Operational semantics; Finite instantiation]
Next courses
3) Software Components
– Fractal: main concepts
– Deployment, management, transformations
– Specification of components
2) Application to distributed applications
– ProActive: active object and distributed components
– Behaviour models
– Tools: build an analysis and verification platform